
Version-controlled Web pages with CVS



by Rainer Dorsch 

A small group of editors of a division of a small company often manage the company's Web pages. One way to set up the division would be to name a master editor, who is the only editor with write access to the pages. The other editors would send him their suggestions or patches for the pages. The drawback to this is a considerable communication overhead, especially if changes are small, such as fixing typos. Further, the editor requesting a change has to keep it in mind until the master editor completes the change.

Figure A: The cvsweb interface shows us the directory structure of our Web pages.

Another extreme way to set this up would be to give write access to all editors. The drawbacks here are that pages can be overwritten if two editors edit local copies of a page at the same time. Further, it's difficult to find the editor who's responsible for a specific change in the pages. It isn't even guaranteed that an editor notices that there was a change at all, if it has been sufficiently small. These kinds of problems also occur in large software projects. Most projects use version control systems to handle these difficulties.

In this article, we'll describe how to use the Concurrent Versions System (CVS), shown in Figure A, to manage your Web pages. CVS is free software distributed under the terms of the GNU Public License (GPL). In our experience, once CVS was set up, it reduced the coordination overhead between editors considerably. Additionally, it allowed each editor to be the master editor, but all changes were always trackable and documented.

The resulting overhead is the necessity of 
documenting changes in the Web pages (which 
could turn out to be an advantage in the long 
run). Overwriting changes made by another 
editor is impossible. Importing existing pages 
is no problem. In this article, we assume that 
you have a working Web server, like Apache, 
available. 

Editing the pages 

Using the concept that each editor works on his own local copy of the Web pages, this copy can be edited and browsed by the editor before it's installed on the Web server. CVS ensures that nobody overwrites changes made by somebody else, and documents which changes were done by which editor. For this reason, CVS has the master copy in the repository. Each editor has to supply a comment on why he performed the change.

Editing pages consists of three steps. We assume that the top-level directory of the local copy of the Web pages is in the directory ~/www:

1. Synchronize the local copy with the repository before editing pages. This is done by

cd ~/www
cvs update

This step is optional, but helps to reduce conflicts.

2. Edit the pages as usual with whatever 
method you want to use. We decided, 
for several reasons, to edit plain HTML 
at our site. 

3. Commit your changes — that is, tell CVS that it should incorporate your changes in the repository. This is done by

cvs commit file

If you don't give a file, the complete subdirectory tree is checked for changes and committed, if there are changes. Your favorite editor (specified by the EDITOR environment variable) pops up and asks you for a comment, which is stored with the change. Note that it's not important to give the reason for the change. Just describe the change in words, like X replaced by Y. For small changes, like a typo fix, you can give the comment on the command line, like the following:

cvs commit -m "Typo fixed." file.html

Usually committing your changes works. But from time to time, another editor commits a change in a page while you are editing it. In this case, CVS will reject your commit and ask you to synchronize your local copy first with the master copy (step one). When running cvs update, two things can happen:

• CVS merges your changes automatically with the changes the other editor committed. This might happen if the other editor changed a link in the page and you inserted some text in another location. We've experienced that automatic merging works for Web pages even better than it does for software.

• A conflict occurs. This might happen if you changed a link to a given URL and the other editor changed the same link to another URL. In this case, CVS notes in the file what conflict occurred: both alternatives of the conflicting section are shown in the following form, with your version first and the repository revision (here 1.6) after the separator:

<<<<<<< file.html
Your alternative
=======
Alternative suggested by the other editor
>>>>>>> 1.6

If the reason for the conflicting change isn't obvious, you should first check the documentation, in which the editor of the conflicting change should have stated why he performed the change. If this doesn't solve your problem, contact the editor who committed the conflicting change.

Tracking changes 

Each night, we perform an automatic update of our Web pages from the CVS repository with a cron job. You can also force an immediate update after each commit by an editor using the commitinfo configuration file of CVS. The line in our crontab file is:

5 3 * * * cd /www; cvs update -d -P

All the editors get an email of the output of the update process, documenting which pages were changed. When an editor notices a change in a part of the Web pages he's interested in, he'd use the cvsweb interface to check who did which change for what reason (although the command line interface could also be used). cvsweb displays the directory structure and the files of the Web pages, as shown in Figure A. For each file, the history and the differences between files can also be listed, as shown in Figure B.

Setup 

To set up CVS for managing Web pages efficiently, begin by downloading the CVS binary from http://sunfreeware.com. Use pkgadd -d <packagename> to install the binary on your system. One exception in which you'll want to compile your own version of CVS is when you want to use cvswrappers (see sections "Automatic tasks" and "Further information").

The first thing you should do is set up a repository. You have to select a directory (which should have an excellent backup) for the repository. Let's assume you choose /usr/local/cvsroot. Then you must initialize the repository using the following command:

cvs -d /usr/local/cvsroot init

Figure B: We can also display the history of each file's updates.



Next, you'll want to import your existing Web pages (if you want to start from scratch, just omit this step). Let's assume you have a copy of the pages in ~/www. The commands

$ cd ~/www
$ cvs import -m "Imported sources" www editor start

import your pages. Your pages will appear in the repository in /usr/local/cvsroot/www. The string editor is a vendor tag, and start is a release tag. They aren't important for our use of CVS. Now the setup of the repository should be complete.

Now, each editor should check out his local copy of the pages. Make sure that you don't have a www subdirectory in the local directory:

cvs -d /usr/local/cvsroot checkout www

This checks out the local copy of the pages. You can now start editing the pages as we described.



Automatic tasks 

Currently, we run two tasks automatically to enhance our installation of CVS. First, we update the last change line automatically when the pages are committed. We insert the date, a shortcut for the editor, and his email address. You do this by inserting the line

*.html -t '/usr/local/share/wwwAdmin/scripts/updateEditor %s %s'

into the cvswrappers file. Wrappers allow you to set a hook that transforms files on their way in and out of CVS. Our line in cvswrappers defines that the updateEditor script will run on each file whose name matches the filter *.html. Listing A on page 4 shows the updateEditor script.

The webEditors file contains lines with tab-separated fields containing initials, username, and email address. An example would be:

rd    rainer    rainer.dorsch@informatik.uni-stuttgart.de

We also automatically generate a what's new page, which contains links to the new content on our site. Since we don't want each fixed typo to appear on the what's new page, we explicitly trigger the insertion into the news page. Our Perl script, cvs2www.pl, analyzes the comments that are given when a file is committed and generates a list entry for each comment with a leading plus sign (+) in the following form:

date: comment (editor)

Comment is the comment given in the commit process (without the leading plus sign character), and it's linked to the committed page. Editor is the initials of the editor, and is linked to his email address. The script is derived from Karl Fogel's cvs2cl.pl, which generates a GNU style ChangeLog file from the CVS log entries.
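As an added example that is not part of the article and not the cvs2www.pl script itself, the following shell script does the core of what was just described: it reads cvs log output, keeps only the revisions whose comment starts with a plus sign, and prints them in the date: comment (editor) form, looking up the editor's initials in a webEditors-style table. The log excerpt, the editor table and the e-mail addresses in it are constructed sample data.

```shell
#!/bin/sh
# Added example, not the article's cvs2www.pl: build "what's new" entries
# from `cvs log` output the way the article describes, i.e. only commit
# comments whose first line starts with '+' become entries of the form
#   date: comment (editor) [file]
# The editor table and the log excerpt below are constructed sample data.

# Constructed webEditors table: initials, username, email (tab-separated).
WEB_EDITORS=$(printf 'rd\trainer\trainer@example.org\njd\tjoe\tjoe@example.org\n')

# Constructed `cvs log` excerpt covering two files and three revisions.
SAMPLE_LOG='RCS file: /usr/local/cvsroot/www/products.html,v
Working file: products.html
head: 1.6
----------------------------
revision 1.6
date: 1999/06/01 10:22:13;  author: rainer;  state: Exp;  lines: +12 -0
+New widget product page
----------------------------
revision 1.5
date: 1999/05/30 08:00:00;  author: joe;  state: Exp;  lines: +1 -1
Typo fixed.
=============================================================================
RCS file: /usr/local/cvsroot/www/index.html,v
Working file: index.html
head: 1.3
----------------------------
revision 1.3
date: 1999/05/28 17:45:00;  author: joe;  state: Exp;  lines: +2 -2
+Link to the new download area
Second comment line, not shown on the news page
============================================================================='

# initials_for USERNAME: map a CVS author to the editor's initials; fall back
# to the bare username when there is no webEditors entry for it.
initials_for() {
    printf '%s\n' "$WEB_EDITORS" |
        awk -F'\t' -v u="$1" '$2 == u { print $1; found = 1 } END { if (!found) print u }'
}

# news_entries: read `cvs log` text on stdin and print one news line per
# revision whose comment starts with '+', in the order cvs log lists them.
news_entries() {
    awk '
        /^Working file: / { file = substr($0, 15); next }
        /^date: / {
            split($0, p, ";")
            date = substr(p[1], 7, 10)            # "YYYY/MM/DD"
            sub(/^ *author: /, "", p[2]); author = p[2]
            inbody = 1; next
        }
        /^-+$/ || /^=+$/ { inbody = 0; next }     # revision / file separators
        inbody && /^\+/ {
            printf "%s\t%s\t%s\t%s\n", date, substr($0, 2), author, file
            inbody = 0                             # first comment line only
        }
    ' | while IFS="$(printf '\t')" read -r date text author file; do
        printf '%s: %s (%s) [%s]\n' "$date" "$text" "$(initials_for "$author")" "$file"
    done
}

# news_from_sample: run the parser over the constructed log excerpt.
news_from_sample() {
    printf '%s\n' "$SAMPLE_LOG" | news_entries
}

news_from_sample
```

On a real checkout you would replace the constructed excerpt with cvs log run in the top-level directory of the pages; the comment "Typo fixed." is deliberately left out of the result, which is exactly the filtering the plus-sign convention is for.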

If you want to use the cvs2www.pl script to generate your news page, change the page header enclosed between the following lines:

my $WebPage_Header = <<'END_OF_HEADER';

[...]

END_OF_HEADER

Change the first part of the footer enclosed between the following lines:

my $WebPage_Footer = <<'END_OF_FOOTER';

[...]

END_OF_FOOTER

Finally, change the second part of the footer written by the following line:

printf NEWS_OUT "Last change...

The second part is separated because the current date is inserted automatically.

Listing A: Script to transform our checked-in and checked-out HTML files

#!/bin/bash

# Locale for the month names printed by date(1).
export LC_ALL=en_EN.ISO-8859-1

# Table of editors: initials, username, email address, tab-separated.
webEditors=/usr/local/share/wwwAdmin/data/webEditors

# Look up the committing user's initials and email address.
EDITOR=`grep $USER $webEditors | cut -f1`
MAIL=`grep $USER $webEditors | cut -f3`

# Pattern matching the existing "Last change:" line with its mailto link.
SEARCH='Last change: [^\(]*(<a HREF="mailto:[^"]*">[^<]*<\/a>'

# Ordinal suffix for the day of the month.
SC=`date +%d`
ADD=th
if [ $SC -eq 1 -o $SC -eq 21 -o $SC -eq 31 ]; then
    ADD=st
elif [ $SC -eq 2 -o $SC -eq 22 ]; then
    ADD=nd
elif [ $SC -eq 3 -o $SC -eq 23 ]; then
    ADD=rd
fi

# New "Last change:" line with today's date, the editor's initials and mailto link.
REPLACE='Last change: '`date +"%B %d$ADD, %Y"`' (<a HREF="mailto:'$MAIL'">'$EDITOR'<\/a>'

# $1 is the input file and $2 the output file, as passed by cvswrappers.
sed s/"$SEARCH"/"$REPLACE"/g $1 > $2

Further information 

If you have to set up a Web server first, an Apache binary for Solaris can be downloaded from http://sunfreeware.com/. Documentation about the Apache server can be found at the homepage of Apache, www.apache.org.

We described only a small fraction of CVS functionality. You can find further information about CVS in Per Cederqvist's manual (www.loria.fr/cgi-bin/molli/wilma.cgi/doc.847210383.html), the info pages coming with CVS, or Cyclic's Web page www.cyclic.com. There's also a mailing list, info-cvs (see www.cyclic.com/cvs/lists.html), on which all kinds of CVS-specific questions are discussed. It's a low traffic list with 5-10 postings per day.

A CVS binary for Solaris 2.6 can be downloaded from http://sunfreeware.com/. Unfortunately, at the time of this writing, the current version of CVS doesn't support -t/-f cvswrappers due to a bug in the code. CodeFab's version of CVS does support it. You can download the source code and Solaris binaries from www.codefab.com/cvs.html.

We didn't discuss graphical user interfaces for CVS. There are various options for different platforms, including all kinds of UNIX, Microsoft's operating systems, and MacOS. See www.cyclic.com/cyclic-pages/software.html. You can download Karl Fogel's (kfogel@red-bean.com) cvs2cl.pl from www.red-bean.com/~kfogel/cvs2cl.shtml or our modified version to generate our news page from www.ra.informatik.uni-stuttgart.de/~rainer/Download/cvs2www.pl. The GNU Public License (GPL) is available at www.gnu.org/copyleft/gpl.html.



Inside Solaris 



Pinging RMI servers 




by Atiq Hashmi 

Java provides a simple distributed object application facility called Remote Method Invocation (RMI). Using RMI, applications can distribute Java objects to other machines to run within servers where the client can invoke methods of those objects just like a local call.

However, RMI is a simple, remote method invocation facility and doesn't provide mechanisms to manage or monitor the servers. One ability that isn't directly available is being able to see that the servers that have exported their services are still listening for requests. In other words, there's no utility to ping an RMI server. In this article, we discuss a Java programming scheme to provide such a ping service.

RMI overview 

An RMI-based system consists of a client and a server. The server provides services by defining objects, usually referred to as remote objects, and methods associated with them. It then exports its object to a registry process called rmiregistry, which serves as a name service for the servers. The rmiregistry runs on a well-known port, which is 1099 by default. This exporting process is called binding to the registry. Each server registers or binds itself with a unique name (sometimes called a binding entry) in the registry.

The client uses two steps to use the remote server. First it gets a reference to a remote object by looking up a server by its binding entry. Once it has that reference, it can invoke any methods on it and get the service.

However, finding a binding entry doesn't necessarily mean that a server is listening on it. This happens when, for example, a server dies without unbinding itself. The client application only finds this out after invoking a remote method and failing as a result.

Java interfaces 

A client and server agree on the services by defining a Java interface file. In Java, an interface defines a protocol of behavior that is essentially a set of methods that the server must implement. A Java class is then defined that contains the actual implementation code for those methods. Interfaces can be extended by subinterfaces, just like classes.

The following is an example of a Java interface definition:

public interface testinterface extends Remote
{
    public String testHello() throws RemoteException;
}

Here, the interface defines that the server that will implement this interface will provide a remote method called testHello() that takes no arguments and returns a string as a result.

Using the ping interface: 
Server side 

As discussed, in order to know if a particular server is actually running, you need to actually invoke one of the remote methods. The scheme we present here is to define a separate generic ping interface that's extended by all other application interfaces. The advantage of this is that the ping facility becomes a uniform and standard facility across the product development environment. Besides, any other RMI server management services can be added as part of standard remote services (for example, a method to collect server usage statistics, etc.).

We also provide sample implementation code for the ping method that can be used by interface implementation classes. This sample code provides useful information, such as the user that owns the server, the time the server started, the host the server is running on, etc. Listing A on page 6 shows the generic ping interface.

The applications can provide any implementation they like, but one way to make the ping system work is that the application interfaces extend the PingIfc interface shown in Listing A. Since PingIfc extends the Remote interface, the application interfaces need not extend it again.

In the class that implements the application interface, add an instance variable like this:

private String startTime_ = new Date().toString();



Listing A: Our generic RMI ping interface

// PingIfc.java
import java.lang.String;
import java.rmi.Remote;
import java.rmi.RemoteException;

// Every application interface extends this one, so every server can be pinged.
public interface PingIfc extends Remote {
    public String ping() throws RemoteException;
}



Listing B: Setting up our Ping

// classes needed for the Ping remote method
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.lang.SecurityException;
import java.util.Date;

/*
 * This function provides the ping feature
 * to the clients.
 */
public String ping() throws RemoteException {
    InetAddress ia = null;
    String s = null;
    try {
        ia = InetAddress.getLocalHost();
    } catch (UnknownHostException e) {
        // Report the failure and stop the server, as in the original design.
        System.err.println(e.getMessage());
        System.exit(1);
    } catch (SecurityException e) {
        System.err.println(e.getMessage());
        System.exit(1);
    }
    // Binding name, owner, host, registry port and start time, space-separated.
    s = System.getProperty("BINDING_NAME") + " "
        + System.getProperty("user.name") + " "
        + ia.getHostName() + " "
        + System.getProperty("PORT") + " "
        + startTime_;
    return s;
}


Also, add a ping() method to the class. Listing B shows a sample implementation of this method that creates a string containing some ping-related information. The top part shows the classes that need to be imported in the file. When a client invokes this method, the method prepares this string and returns it to the client. The example assumes that the values for binding name and the registry port are available in the system properties.

You could add other pieces of information as well in this string. If this information doesn't change during the life of the server, the construction of this string could be implemented so that it's constructed just once.

Client side 

Now that we have a ping service implemented on the server side, you can write a tool to invoke the ping() method to check whether or not the server is listening. However, before the ping() method can contact the server for information, there could be other problems — for example, the rmiregistry may not be running, or there may be no binding entry in the registry. The tool needs to detect these before invoking the ping call. Java specifies different exceptions that the RMI runtime throws when an error occurs. We'll briefly discuss how to use the ping meaningfully by first checking these errors.

Using the ping meaningfully 

The first API to use is Naming.list(), which lists all the servers that the rmiregistry knows about. If the rmiregistry isn't running or not running on the expected port, a ConnectException is thrown. If the list of binding entries is successfully found, the next API used is Naming.lookup(), passing each of the list results obtained one by one in the argument.

If there's no binding entry in the rmiregistry, a NotBoundException is thrown. However, if the lookup() successfully returns a reference of the remote object, the ping() method is invoked on this object. If the server is listening, a ping response with the server information is returned, as discussed; otherwise a RemoteException is thrown.

Note that the listed exceptions are only meant for explanation. The Java API documentation lists all the exceptions that may occur for these calls, and Java requires that most of those must be caught by an application.
Conclusion

We presented a way to ping RMI application servers and get useful information about the servers. As Java evolves, we may see additional Java APIs and facilities providing more capabilities for the RMI application environments.



A look at the Solaris 7 kernel 



by Edgar Danielyan 



At the heart of the Solaris operating environment is the kernel, as in all UNIX systems. However, unlike other UNIX systems, the SunOS kernel isn't a single, monolithic executable file, but a structured collection of files. In this article, we'll take a look at the Solaris kernel facade and kernel directory structure, as well as its contents.

The structure and the contents 

As mentioned earlier, the Solaris (or SunOS) kernel isn't a single file, but a collection of files in /kernel and /platform, and their subdirectories. As you may guess from their names, /kernel contains common kernel files, and /platform contains platform-dependent parts. Let's start with /kernel:

# ls /kernel
drv      exec     fs       genunix  misc     sched    strmod   sys



All of these are directories, except genunix, which is the kernel itself. It's an executable in ELF MSB format, statically linked. If you do an ls in the drv directory, you'll see a number of files with and without the .conf extension; these are the drivers themselves. Note that there are also virtual drivers — that is, drivers for non-physical devices, such as the ip and arp drivers.

The accompanying *.conf files are their configuration files (as you've already guessed). Generally, you don't need to modify anything in them; if you do modify them, make sure you understand what you want and what you do, because wrong configuration files will cause problems. The drivers are ELF MSB executables, and the .conf files are text files.



The next directory is exec, which contains only three files:

aoutexec  elfexec  intpexec

These are program loaders, which execute programs stored in three corresponding formats, AOUT, ELF, and INTP. There are no configuration files here and nothing that needs to be taken care of.

A perusal of the next directory, fs, will reveal that it contains file system drivers, one file for each file system type:

autofs   cachefs  fifofs   hsfs     lofs     nfs      procfs   sockfs   specfs   tmpfs    ufs

No configuration files here, either.

Let's move on to the misc directory, which contains miscellaneous modules, such as md5 and des, which implement the MD5 and DES encryption algorithms, accordingly. The sched directory contains the system scheduler itself. The strmod directory accommodates System V STREAMS modules — there are no configuration files here.

The last directory in /kernel, sys, hosts various system-loadable modules. For example, kaio is the kernel asynchronous I/O module; nfs implements the NFS; semsys and shmsys implement the semaphore and shared memory subsystems, respectively.

Now, on to /platform. See Listing A on page 8. All SUNW,*s are symbolic links to sun4m, because the models listed are of a common architecture, and that architecture is called sun4m. It contains two files, kadb and ufsboot, and a directory, reasonably called kernel. The kadb is the kernel debugger, and the ufsboot is the UFS file system boot loader.
The kernel directory in turn contains other subdirectories and one file:

cpu  drv  misc  strmod  unix



Listing A: The platform directory listing

# ls /platform
SUNW,S240                SUNW,SPARCstation-10     SUNW,SPARCstation-LX
SUNW,SPARCclassic        SUNW,SPARCstation-10,SX  SUNW,SPARCstation-LX+
SUNW,SPARCclassic-X      SUNW,SPARCstation-20     SUNW,SPARCsystem-600
SUNW,SPARCengine-EC-3    SUNW,SPARCstation-4      SUNW,Sun_4_600
SUNW,SPARCstation        SUNW,SPARCstation-5      sun4m



The only file here, unix, is the sun4m architecture-dependent part of the kernel. Directories drv, misc, and strmod are also sun4m-dependent counterparts of the same directories in /kernel. cpu contains CPU code for various processors, the default being the Sun micro-SPARC processor (in case of the sun4m architecture). There are also files for Ross- and TI-made processors.

There's one higher-level kernel configuration file, /etc/system, which isn't described here, but we'll cover it in a separate article.

This is just a small part of the roadmap to Solaris. As you can see, the Solaris architecture isn't one big monolith, but actually a series of pieces that are designed to work together.
Adding a new device to your Sun






by Vinay Gupta 

How many times do you need to reboot a Sun machine (running Solaris) after adding a tape drive, CD-ROM drive, or hard drive? The answer is zero! This may surprise quite a few of you, but it's true, thanks to Sun's drvconfig located in /usr/sbin/drvconfig.

drvconfig can create the full /devices directory hierarchy that describes the hardware of that machine. You can also use drvconfig for a selective update to the /devices directory hierarchy. Once you have all device entries, then getting a link to /dev is very easy. You can create all the links by hand, or you can use the devlinks, disks, and tapes commands to create them.

Here's a simple example showing how you can add a tape device to a running Sun machine, without any down time:

1. Find out the used SCSI IDs. ls /dev/dsk/*s2 will give you all the SCSI IDs used for hard drives and CD-ROM drives, and ls -l /dev/dsk/? will give you all the SCSI IDs used by existing tapes.

2. Set the tape SCSI ID to an unused one on the system.

3. Connect the tape drive at the end of the SCSI chain and power on the tape drive.

4. Rebuild /devices for the new SCSI tape device by using drvconfig -i st.

5. Make /dev links by using tapes.

6. Check for the correct entry with ls -l /dev/rmt/0, if this is your first tape drive on the machine.

7. Insert a tape and try mt -f /dev/rmt/0 stat for a further check.
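As an added example that is not part of the article, this shell script automates steps 1 and 2: it extracts the SCSI target IDs already in use from the two listings the article names and prints which IDs in the range 0-6 are still free for the new tape drive. The device names and the symbolic link it parses are constructed; that a tape link resolves to a /devices path ending in st@<target>,<lun> is the example's own assumption about the machine, as is leaving ID 7 to the host adapter.

```shell
#!/bin/sh
# Added example (not from the article): work out which SCSI target IDs are
# already taken before setting the ID on a new tape drive (steps 1 and 2 of
# the procedure). Input is the output of `ls /dev/dsk/*s2` (cNtNdNsN names,
# the t field is the target) and of `ls -l` on the tape links, whose symlink
# targets are assumed to end in st@<target>,<lun>:.  Everything below is
# constructed sample data; on a real Sun feed the live listings instead.

# Constructed: what `ls /dev/dsk/*s2` might print.
SAMPLE_DSK='/dev/dsk/c0t0d0s2
/dev/dsk/c0t3d0s2
/dev/dsk/c0t6d0s2'

# Constructed: what `ls -l /dev/rmt/?` might print for one existing tape.
SAMPLE_RMT='lrwxrwxrwx 1 root root 60 Jan 1 1999 /dev/rmt/0 -> ../../devices/sbus@1f,0/espdma@e,8400000/esp@e,8800000/st@4,0:'

# used_targets: read device listings on stdin, print each target ID once, sorted.
used_targets() {
    sed -n -e 's/.*\/c[0-9]*t\([0-9]*\)d[0-9]*s2$/\1/p' \
           -e 's/.*\/st@\([0-9]*\),[0-9]*:.*/\1/p' |
        sort -n | uniq
}

# free_targets: read used IDs on stdin, print the IDs in 0-6 that are free.
# ID 7 is skipped because the host adapter conventionally owns it on a
# narrow SCSI bus (assumption stated in the lead-in).
free_targets() {
    used=$(cat)
    for id in 0 1 2 3 4 5 6; do
        case " $(printf '%s ' $used)" in
            *" $id "*) ;;
            *) echo "$id" ;;
        esac
    done
}

# free_targets_sample: both helpers chained over the constructed listings.
free_targets_sample() {
    { printf '%s\n' "$SAMPLE_DSK"; printf '%s\n' "$SAMPLE_RMT"; } |
        used_targets | free_targets
}

free_targets_sample
```

With the constructed listings, targets 0, 3, 4 and 6 are taken, so the script prints 1, 2 and 5 as candidates for the new drive.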

This same set of commands can be used to recover a crashed OS, where part or all of the /devices and/or /dev directory are missing. In this case, boot the machine via the Solaris CD-ROM or the network. Or you can take out the disk and mount it to some other machine. Now use the -r option (available in all commands) to rebuild the /devices and /dev directory tree. If you have mounted the crashed OS disk on /tmp/mnt then you have to:

1. drvconfig -r /tmp/mnt

2. devlinks -r /tmp/mnt

3. disks -r /tmp/mnt

4. tapes -r /tmp/mnt

That's all there is to it!



Penetration testing and intrusion detection




by Paul A. Watters 

Security is a constant concern for networked information systems. The requirement of ensuring data integrity must always be weighed against the usability of systems and interfaces, in the face of constant threat of attack from the outside world.

In this article, we'll take a fresh look at an old adage in the Solaris world — the best way to determine if your system is secure is whether or not you can break into it. This kind of penetration testing is becoming increasingly common for Solaris systems, as administrators attempt to stay one step ahead of the wily cracker.

However, an often overlooked aspect of computer security is effective intrusion detection — a prerequisite to even determining whether systems have been compromised. In this article, we'll review the state-of-the-art in intrusion detection, focussing on some simple, manual procedures, which act as a first line of defense against intrusion. These measures can be used to detect deliberate penetration tests, as well as attacks from the outside.

Why do they hack? 

Although obtaining data by breaking into or cracking networked computer systems is a serious crime in many countries, many people are willing to risk hefty fines and imprisonment. Why? Forget the popular media image of a precocious teenager trying to break into NASA. Computer crime by experienced and organized syndicates is a profitable and endemic problem that will become worse as the number of networked computers exponentially increases.

Breaking into computer systems isn't a game — it can cost an enterprise thousands or even millions of dollars to repair damaged systems, and more seriously, cause financial loss through leaking of trade secrets and/or direct interference in trusted financial transactions.

Since many of the world's key computer systems run Solaris, it has been a popular target, with postings to USENET publicizing bugs in third-party software and freeware causing panic and disruption to operations. We have all read about buffer over-runs in C programs, exploiting race conditions in multi-threaded applications, as well as browser bugs which reveal sensitive local information. The two questions which naturally arise are, "How can we protect our systems from intrusion?" and "How do we know when our systems have already been compromised?"

Security packages 

There are many commercially available security packages that mine key system data logs for irregularities of various kinds in TCP connection requests, which might indicate suspicious or fraudulent access. However, there's a likelihood that an experienced cracker will be aware of these programs and their scanning techniques. Instead of initiating a port scan in sequential order every five seconds, a cracker might decide to generate a scanning pattern that scans unusual ports randomly or chaotically, interspersed with accesses to normal ports (like port 80 for HTTP requests).

Intrusion detection systems can provide valuable data about persistent attempts to log on, or to deny access to your computer by attempting to consume all available bandwidth on your network connection by issuing fake broadcast requests (smurfing). However, the best solution is to get a feel for who logs on to your system when, and what kind of activity levels are representative of legitimate processing during different times of the day.

Detection 

One of the best tools for monitoring logins and access to systems is the TCP wrapper package, which pre-dates Solaris 2.x. This package was designed to provide a substitute for each network daemon, which called the real daemon on request after logging the request to a system log file. This greatly increased the awareness of administrators about use of their system. In addition, alerts could be produced on attempts to access any one of the network daemons: for example, attempts to rsh or rlogin could be monitored.
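An added example, not from the article: once the wrappers are logging, the monitoring just described can be done with a few lines of shell over the syslog file. The script below counts rsh and rlogin attempts per source host and flags the sources that exceed a threshold. The log lines are constructed samples in the form tcpd writes ("connect from" and "refused connect from"); on a live system the file to read is wherever syslog.conf sends the facility tcpd was built to log to.

```shell
#!/bin/sh
# Added example (not from the article): scan syslog lines written by the TCP
# wrapper (tcpd) for the r-services the article mentions, rsh and rlogin, and
# report which hosts tried them and how often. The lines below are constructed
# samples in the usual tcpd/syslog form; point the functions at the real log
# file on a production system.

SAMPLE_LOG='Jun  1 09:12:01 sol7 in.telnetd[4410]: connect from 10.1.2.20
Jun  1 09:15:44 sol7 in.rlogind[4421]: connect from 10.1.2.20
Jun  1 22:03:10 sol7 in.rshd[4550]: refused connect from 192.0.2.77
Jun  1 22:03:12 sol7 in.rshd[4551]: refused connect from 192.0.2.77
Jun  1 22:03:15 sol7 in.rlogind[4552]: refused connect from 192.0.2.77
Jun  1 22:04:01 sol7 in.ftpd[4560]: connect from 10.1.2.9
Jun  2 01:30:00 sol7 in.rlogind[4611]: connect from 10.1.2.20'

# rservice_attempts: read syslog lines on stdin; print "count host" for every
# source that tried rsh or rlogin, most frequent first. Refused and accepted
# connects are both counted: a refused attempt is the more interesting signal,
# and an accepted one from an unexpected host is worth a look too.
rservice_attempts() {
    awk '$5 ~ /^in\.(rshd|rlogind)\[/ { hits[$NF]++ }
         END { for (h in hits) print hits[h], h }' |
        sort -rn
}

# flag_sources THRESHOLD: keep only hosts with at least THRESHOLD attempts,
# printed as "host count" for an alert or a hosts.deny review.
flag_sources() {
    awk -v t="$1" '$1 >= t { print $2, $1 }'
}

# alerts_from_sample THRESHOLD: both steps over the constructed log.
alerts_from_sample() {
    printf '%s\n' "$SAMPLE_LOG" | rservice_attempts | flag_sources "$1"
}

alerts_from_sample 2
```

With the sample lines, 192.0.2.77 shows three refused r-service attempts within seconds and 10.1.2.20 two accepted rlogins on different days; the threshold decides which of them reach the alert.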

Of course, the best solution to reduce the potential for misuse of these network services is to switch them off explicitly in /etc/services, and/or filter packets destined for those services at the firewall level. This solution provides both internal and external protection of data through port connections. There may also be situations where particular ports must be available locally for use (for example, for database listeners) but must be denied to external users. A firewall is definitely necessary in this situation, although many routers these days have a basic packet filtering capability.

Another important tool in detecting intrusions on your system is tripwire, which monitors local filesystems for changes in size and other characteristics that might indicate a Trojan horse or other attack. A signature of each filesystem is taken, and verification against future states takes place at regular intervals. Unexpected and unauthorized changes can be cross-referenced with access data provided by tcp wrappers, to track down the source and target of illegal access to data.
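The signature-and-verify idea behind tripwire, reduced to two shell functions as an added example (this is not tripwire's code or its database format): take_baseline records a digest for every file under a directory, and verify_baseline reports what was added, removed or changed since the baseline was taken. The sample tree is constructed in a temporary directory so the script runs anywhere; the file names in it are made up.

```shell
#!/bin/sh
# Added example (not tripwire itself): take a signature of a file tree now and
# compare it against the tree's state later. A sample tree is constructed in a
# temporary directory so the script runs anywhere; point the functions at
# /kernel, /etc or a Web tree to use them for real, and keep the baseline
# file somewhere an intruder on the host cannot rewrite it.
# Limitation: paths must not contain whitespace (awk splits on it).

# digest FILE: print "hash  path". A cryptographic hash is preferred; the CRC
# from cksum is only a fallback, since a CRC is easy to forge deliberately.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        cksum "$1" | awk '{ print $1 "  " $3 }'
    fi
}

# take_baseline DIR BASELINE: one digest line per regular file under DIR.
take_baseline() {
    find "$1" -type f | LC_ALL=C sort | while read -r f; do digest "$f"; done > "$2"
}

# verify_baseline DIR BASELINE: print one line per difference,
#   ADDED path / REMOVED path / CHANGED path,
# and nothing at all when the tree still matches the baseline.
verify_baseline() {
    now=$(mktemp)
    take_baseline "$1" "$now"
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         !($2 in old)        { print "ADDED", $2; next }
         old[$2] != $1       { print "CHANGED", $2 }
                             { delete old[$2] }
         END { for (p in old) print "REMOVED", p }' "$2" "$now"
    rm -f "$now"
}

# demo_baseline: build a constructed tree, baseline it, alter it, verify.
demo_baseline() {
    tree=$(mktemp -d)
    base=$(mktemp)
    mkdir -p "$tree/drv"
    printf 'original driver\n' > "$tree/drv/le"
    printf 'name="le" parent="sbus";\n' > "$tree/drv/le.conf"
    take_baseline "$tree" "$base"
    # Later state: one module altered, one config removed, one file dropped in.
    printf 'altered driver\n' > "$tree/drv/le"
    rm -f "$tree/drv/le.conf"
    printf 'unexpected file\n' > "$tree/drv/extra"
    verify_baseline "$tree" "$base" | sed "s|$tree/||" | sort
    rm -rf "$tree" "$base"
}

demo_baseline
```

Run from cron, the verify step gives the regular-interval check the article describes; the three lines the demo prints are the kind of unexpected change that is then cross-referenced with the wrapper logs.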

Access to networked systems varies in many ways, and there are many legitimate, freely available services for which monitoring may not be necessary. A good example is an anonymous FTP server — or is it? Many implementations of FTP require a version of the password file to be present in the etc directory of the anonymous FTP area. Some administrators failed to read the fine manual for these systems, and unwittingly made the whole password file available by anonymous FTP. Obtaining a UNIX password file is like gaining the keys to the kingdom. Although the password fields are encrypted, password-guessing programs like Crack assume that many users base their passwords on variations of dictionary words, proper names, capital cities, and a number of other easily guessable sources.

Reducing the risk of intrusion by 
gaining access to the password file 

There are two ways to reduce the risk of in- 
trusion by gaining access to the password file. 
First, a passwd replacement like npasswd 
should be installed, as it prevents users from 
changing their passwords to those which can 
be guessed by Crack using default dictionar- 
ies. The drawback is that users of the system 
will refuse to change their passwords because 
the acceptable alternatives are too difficult to 
remember, or worse still, they might write 
their password on a notepad next to their 
terminal or PC. 

The second strategy involves enabling pass- 
word shadowing, so that the password file 
doesn't actually contain a world-readable copy 
of all the encrypted passwords. Passwords are 
kept in a separate shadow file that's only acces- 
sible by the superuser. 
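As an added example (not npasswd, Crack, or any vendor tool), the following audit reads passwd entries, such as the copy an FTP daemon expects under the anonymous area's etc directory, and flags every entry whose password field still carries a hash rather than a shadow placeholder, along with empty password fields and extra UID 0 accounts; it then checks that a shadow file is not group or world readable. The sample entries, the fake hashes and the set of placeholder values are constructed for the example; the marker values vary between systems.

```python
"""Audit a UNIX passwd file for exposed password hashes and related weaknesses.
Added example for this column; it is not npasswd, Crack, or any vendor tool.
The shadow-marker values below are assumptions covering common systems."""
import os
import stat
import tempfile

# Values a shadowed passwd file carries in the password field instead of a
# hash (Solaris uses "x"; "NP" and "*..." / "!..." mark locked accounts).
SHADOW_MARKERS = {"x", "NP"}

def hash_exposed(pw_field):
    """True when the field looks like a real hash rather than a placeholder."""
    return pw_field not in SHADOW_MARKERS and not pw_field.startswith(("*", "!"))

def audit_passwd_lines(lines):
    """Return (login, problem) findings for every suspicious passwd entry."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        login, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((login, "empty password field"))
        elif hash_exposed(pw):
            findings.append((login, "password hash present (file not shadowed)"))
        if uid == "0" and login != "root":
            findings.append((login, "additional UID 0 account"))
    return findings

def shadow_mode_problems(shadow_path):
    """The shadow file must exist and be unreadable to group and others."""
    if not os.path.exists(shadow_path):
        return ["no shadow file: hashes stay in the world-readable passwd file"]
    mode = stat.S_IMODE(os.stat(shadow_path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{shadow_path} is readable by others (mode {mode:04o})"]
    return []

# Constructed sample entries with made-up hashes; not taken from any system.
SAMPLE_PASSWD = [
    "root:x:0:1:Super-User:/:/sbin/sh",
    "daemon:x:1:1::/:",
    "ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false",
    "alice:Ab/Cd12EfGh34:1001:10:Alice:/export/home/alice:/bin/sh",
    "guest::1002:10:Guest account:/export/home/guest:/bin/sh",
    "toor:x:0:1:Backup admin:/:/sbin/sh",
    "broken:x:1003",
]

def demo():
    """Audit the sample, then show the mode check on a weak and a fixed file."""
    findings = audit_passwd_lines(SAMPLE_PASSWD)
    tmpdir = tempfile.mkdtemp()
    shadow = os.path.join(tmpdir, "shadow")
    with open(shadow, "w") as f:
        f.write("root:FAKEHASHVALUE:10957::::::\n")  # constructed, not a real hash
    os.chmod(shadow, 0o644)  # the weak setting: anyone can read the hashes
    weak = shadow_mode_problems(shadow)
    os.chmod(shadow, 0o400)  # the corrected setting: superuser only
    fixed = shadow_mode_problems(shadow)
    os.remove(shadow)
    os.rmdir(tmpdir)
    return findings, weak, fixed

if __name__ == "__main__":
    for item in demo()[0]:
        print("%-10s %s" % item)
```

On the sample, alice is reported because her hash sits in the passwd file itself, guest for an empty password field, toor as a second UID 0 account, and the truncated seventh line as malformed; the 0644 shadow file is reported once and the 0400 copy passes.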

Penetration 

In an article entitled "Improving the Security of Your Site by Breaking Into It," found at www.nease.net/~ping/admin-guide-to-cracking.html/, Farmer and Venema suggest that the best form of defense is attack — an attack on your own system. Although this might seem like an unusual suggestion at first, the basis is that if you can easily break into your own system, then an intruder will also have little difficulty. 

Alternatively, you can pay one of the 
many security consultants who specialize in 
this kind of defense to determine the vulner- 
abilities and weaknesses of your systems. 
Whichever path you choose, you should always be aware of some of the basic strategies by which people obtain unauthorized access to systems. 

One of the oldest tricks in the book is to try out so-called default system and application passwords to gain access to the system via a particular port or protocol, which might reveal further information about a target system. Some non-Solaris operating systems ship with the default superuser password combination, system/manager, which is also typical of some popular RDBMS systems. 

Although gaining read-only access to a 
database through an external listener and a 
default username and password might not 
seem as serious as someone gaining full su- 
peruser privileges, commercially sensitive 
data might be easily revealed in this way. In 
addition, there's the constant threat that an 
intruder may subtly change some data in 
your tables, which might leave your compa- 
ny liable for damages arising from neglect, 
especially if a third-party client is involved. 
Deciding on sensible username/password 
combinations for both system and RDBMS 
accounts is a prerequisite for any serious 
level of security. 

Another useful test is accessing your sys- 
tem with a low-level user account, perhaps as 
a guest user, and investigating what system 
features you can gain access to (especially 
write access). As mentioned earlier, some sys- 
tems have world-readable password files, as 
well as lists of supported services, personal 
details about other users, and technical data 
on the size and capacity of a target machine. 
All of this information, once compiled, is fair- 
ly useful to an intruder. 

Users on machines networked to your own 
might like to participate in an NFS and SMB 
mounting exercise, where they attempt to 
mount all available shares and volumes from 
your computer and see what information 
they can reveal. Was it really such a great 
idea to share "/", revealing your system 
password files to everyone in the company? 
Often, when the external threats of attack are 
minimized through the use of firewalls and 
other security layers, the issue of internal or- 
ganizational trust becomes the most signifi- 
cant barrier to security. 

Adventurous users may wish to switch their network card into promiscuous mode, directly reading the bytes transmitted through the network. Some clever filtering software will allow you to capture the passwords transmitted in clear text over the network. It's better for us to be aware of these vulnerabilities than for a cracker who has gained control of the router between our mail server and workstation to be reading off our POP password while we read mail, unaware that we have just surrendered control of the system. A better solution is for all data exchanges through the network (including password authentication) to be encrypted, using a secure-socket layer for Web-based services, and secure shell and secure copy for telnet-like services. 

SATAN 

One of the most useful tools for testing the se- 
curity of Solaris systems is SATAN, the Securi- 
ty Analysis Tool for Auditing Networks (and 
more recently, SAINT). Although criticized 
heavily when released for openly exposing the 
defects of many networked computer systems, 
SATAN managed to bring out into the open 
the whole issue of just how vulnerable our 
systems are to attack. 

The software works by using several programs to systematically detect (and exploit) weaknesses in a target system (in this case, our own). Although SATAN itself has some security flaws, which have been highlighted, it's very useful for determining the nature of specific vulnerabilities in a single system or a network of systems, which can provide the basis for an action plan. 

Further reading 

The number of papers, software packages, and 
exploit scripts grows exponentially each month, 
and so it's difficult to recommend the best tools 
or sources of data regarding intrusion detection 
and penetration testing. One of the most up- 
to-date sources of information about weekly 
trends in cracking is the National Infrastruc- 
ture Protection Center, www.nipc.gov, which 
posts a fortnightly summary of the most com- 
mon attack types, viruses, and newly published 
exploits, ranked by potential seriousness of 
outcomes for servers (for example, a low rank- 
ing for denial of service, but a high ranking 
for root access). The USENET forum comp.security.unix also contains current information, as well as lively debates, about security issues and industry trends. 
Upcoming Internet events 

by Edgar Danielyan 

The Internet Society 

Draft Charter of the Non-Commercial Domain 
Names Holders Constituency (NCDNHC) of 
the Domain Name Supporting Organization 
(DNSO) is published at www.ncdnhc.isoc.org. 
Comments and discussions are encouraged and 
welcome. This draft was written by Kathryn 
Kleiman, Don Heath, David Maher, and Randy 
Bush with input from many people. 

Conferences 
INET'2000 

The date is set for INET'00, the premier international Internet conference. The Internet Global Summit, 10th Annual Internet Society Conference will be hosted by the Pacifico Yokohama Conference Center in Yokohama, Japan, on July 18-21, 2000. Mark your calendar now! 

NDSS 

The Network and Distributed Systems Security Symposium (NDSS) will be held at the Catamaran Resort Hotel, San Diego, CA, on February 2-4, 2000. Among the speakers is Professor Eugene Spafford of the Purdue University, ACM Fellow, IEEE Senior Member, widely known expert on information security. 

Réseaux IP Européens 

RIPE NCC published its 1998 Annual and Financial Reports, available online at www.ripe.net/annual-report/98ar.html. 

Réseaux IP Européens, American Registry 
for Internet Numbers, and the Asia Pacific 
Network Information Center published a com- 
mon policy draft on the Address Supporting 
Organization (ASO) of the ICANN, which will 
be submitted to the ICANN. Public comments 
and feedback are encouraged. 

IANA 

A document called "Internet Domain Name 
System Structure and Delegation" has been 
published jointly by the IANA and ICANN for 
public comment. The document summarizes 
current practices of the IANA in administering 
RFC 1591, which deals with the delegation 
and administration of country code top-level 
domains (ccTLDs), such as .US, .UK, and .FR. 
The full text of the document may be found at 
www.iana.org/tld-deleg-prac.html. Email 
comments to comments@icann.org. 




Solaris Q&A 

Changing the login message 

Changes to the law in my country require me to explicitly warn users logging on to my system that breaking into my computer system is illegal. What's the best way to do this? 



There are two possibilities: /etc/issue is a text file that's printed before the familiar login prompt, and so can deter potential crackers from attempting to log in. Alternatively, /etc/motd is displayed after a login, and can be used, for example, to display internal usage policies (such as, developers must not attempt to access filesystems to which they haven't been explicitly given access). 
Apache detective work 

I have an Apache Web server running with a lot of virtual hosts and redirects, and I find it hard to keep track of what my server is doing! Is there an easy way that I can get a listing of these kinds of details? 



The configuration for an Apache Web server 
is traditionally kept in three separate files: 
httpd.conf (server configuration), srm.conf (re- 
source configuration), and access.conf (author- 
ization and security). The trend these days is 
to combine configuration, resource, and secu- 
rity information into a single httpd.conf file. 

It's quite easy to use a Bourne shell or Perl script to search for the information you need and dynamically display the results to a text file or, more imaginatively, to a Web page. This makes viewing your current configuration very easy. An example Perl script to do this is shown in Listing A. 

After defining some basic information that's used to define virtual hosts, such as the IP address of the host ($ip), the definitions for a configuration file ($httpfile), and resource file ($srmfile) are given. If these files exist and are readable, some HTML tags are generated to ensure a properly formed document. Next, the script searches through $httpfile for occurrences of <VirtualHost $ip>, in this case <VirtualHost 58.12.23.34>, and extracts the virtual hostname, terminating the line with a break. 

A similar process occurs for $srmfile, to find any redirect definitions. This script is entirely general, and other Apache parameters (like AddIconByType definitions) could also be extracted and displayed in this way. 



Listing A: Example Perl script 

#!/usr/bin/perl
# ListApache.pl on ftp.zdjournals.com/sun

print "Content-type: text/html\n\n";
$ip="58.12.23.34";

# Configuration file and resource file (both httpd.conf in a combined setup)
$httpfile="/usr/local/apache-1.3.6/conf/httpd.conf";
open (HTTP, $httpfile) || die
    "System error: Unable to process your request";
$srmfile="/usr/local/apache-1.3.6/conf/httpd.conf";
open (SRM, $srmfile) || die
    "System error: Unable to process your request";
print "<HTML>\n";
print "<HEAD>\n";
print "<title>Virtual Hosting & Redirection Report</title>\n";
print "</HEAD>\n";
print "<BODY BGCOLOR=#FFFFFF>\n";
print ("<h1>Virtual Hosting: $ip</h1>\n");

# The line following a <VirtualHost $ip> tag is taken to be its ServerName
$found = 0;
while (<HTTP>)
{
    if (/<VirtualHost $ip>/)
    {
        $found = 1;
    }
    else
    {
        if ($found==1)
        {
            s/ServerName//g;
            print "$_"."<br>";
        }
        $found=0;
    }
}
close(HTTP);

print ("<p><h1>Redirections $ip:</h1>\n");

# Apache directive names are case-insensitive, so match Redirect that way
while (<SRM>)
{
    if (/Redirect/i)
    {
        s/Redirect//gi;
        s/http/\n<br>\t-> http/g;
        print $_."<br>";
    }
}
close(SRM);

print "</BODY>\n";
print "</HTML>\n";
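A reworking of the same report in Python, as an added example written for this column rather than the ListApache.pl listing or any Apache code. It tracks <VirtualHost> blocks explicitly instead of relying on the line after the opening tag, so ServerName and Redirect directives inside a host are attributed to that host; it matches directive names case-insensitively as Apache does, reports an unterminated block instead of guessing, and escapes values before emitting HTML. The configuration text, address and host names are constructed for the example.

```python
"""Parse an Apache 1.3-style httpd.conf and list the virtual hosts bound to
one address together with every Redirect directive, global or per host.
Added example for this column; not ListApache.pl and not Apache's own
parser. SAMPLE_CONF below is constructed, not a real server's file."""
import html
import re

VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>\s]+)\s*>$", re.I)
VHOST_CLOSE = re.compile(r"^</VirtualHost\s*>$", re.I)
DIRECTIVE = re.compile(r"^(\S+)\s+(.*)$")  # directives without arguments are skipped

def parse_conf(text):
    """Return (global_scope, vhosts).

    Both map a lower-cased directive name to the list of its argument strings,
    so repeated directives such as Redirect are all kept; each vhost dict also
    carries its 'address'. Malformed nesting raises ValueError rather than
    silently attributing a directive to the wrong host."""
    global_scope, vhosts, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (and any '#' in a URL)
        if not line:
            continue
        m = VHOST_OPEN.match(line)
        if m:
            if current is not None:
                raise ValueError("nested <VirtualHost> at %r" % line)
            current = {"address": m.group(1)}
        elif VHOST_CLOSE.match(line):
            if current is None:
                raise ValueError("</VirtualHost> without an opening tag")
            vhosts.append(current)
            current = None
        else:
            m = DIRECTIVE.match(line)
            if m:
                scope = global_scope if current is None else current
                scope.setdefault(m.group(1).lower(), []).append(m.group(2))
    if current is not None:
        raise ValueError("unterminated <VirtualHost %s>" % current["address"])
    return global_scope, vhosts

def hosts_for_ip(vhosts, ip):
    """ServerName values of every VirtualHost bound to ip, on any port."""
    return [name for vh in vhosts if vh["address"].rsplit(":", 1)[0] == ip
            for name in vh.get("servername", [])]

def all_redirects(global_scope, vhosts):
    """(scope label, Redirect arguments) for every Redirect directive."""
    out = [("global", args) for args in global_scope.get("redirect", [])]
    for vh in vhosts:
        label = vh.get("servername", [vh["address"]])[0]
        out += [(label, args) for args in vh.get("redirect", [])]
    return out

def html_report(text, ip):
    """The same report as the Perl listing, with values escaped for HTML."""
    global_scope, vhosts = parse_conf(text)
    lines = ["<h1>Virtual Hosting: %s</h1>" % html.escape(ip)]
    lines += ["%s<br>" % html.escape(n) for n in hosts_for_ip(vhosts, ip)]
    lines.append("<h1>Redirections</h1>")
    lines += ["%s: %s<br>" % (html.escape(s), html.escape(a))
              for s, a in all_redirects(global_scope, vhosts)]
    return "\n".join(lines)

SAMPLE_CONF = """\
# constructed configuration for the example, not a real server's file
ServerName www.example.test
Redirect /old http://www.example.test/new

<VirtualHost 58.12.23.34>
    ServerName intranet.example.test
    ServerAlias intra.example.test
    Redirect permanent /docs http://docs.example.test/
</VirtualHost>

<VirtualHost 58.12.23.34:8080>
    ServerName dev.example.test
</VirtualHost>

<VirtualHost 10.0.0.1>
    ServerName other.example.test
</VirtualHost>
"""

if __name__ == "__main__":
    print(html_report(SAMPLE_CONF, "58.12.23.34"))
```

For the sample, the report lists intranet.example.test and dev.example.test under 58.12.23.34 (the :8080 host is matched on its address, not its port), leaves other.example.test out, and shows the global redirect beside the one declared inside the intranet host.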
Choosing your Java environment 

I'm new to Java development, and I'm using Solaris 7 as my Java development platform. Currently, I'm using JDK 1.1.7, but I want to be able to test the new features of Java 2 (for example, Swing) by installing the new JDK 1.2. Can I have both installed on my system at the same time? 



How do Java programs know which package to use, and where to find classes? 

Listing B: Changing our path to use JDK 1.1 

# The java and javac binaries live under $JAVA_HOME/bin
JAVA_HOME=/usr/java1.1; export JAVA_HOME 
PATH=$PATH:$JAVA_HOME/bin; export PATH 

Classes are located by setting the CLASSPATH in Bourne shell: 

JAVA_LIB=$JAVA_HOME/lib/classes.zip; export JAVA_LIB 
CLASSPATH=$CLASSPATH:$JAVA_LIB; export CLASSPATH 
It's certainly possible (and desirable) to be able to continue development with JDK 1.1.7 while investigating the new features of Java 2. If you've installed the JDK 1.1.7 software package from Sun using pkgadd, it should have been installed in /usr/java1.1 by default. 

If you download the package for JDK 1.2 and install using pkgadd, Java 2 will be conveniently installed in /usr/java1.2. To force your Java programs to find a specific Java compiler, simply set your path to find it. In Bourne shell, assuming that Java isn't already in your path, this can be done with commands such as those in Listing B. If you ever need to use JDK 1.2, simply substitute /usr/java1.1 with /usr/java1.2. 



A publishing system that runs under Solaris 



I work for a small- to medium-sized enterprise 
(SME), and I'm required to implement an 
organization-wide publishing system (kind of like 
FrontPage for multiple users in a single work 
unit). Since my other server-side applications run 
under Solaris, I would like to install an application 
with a strong knowledge management focus, and 
which supports revision control. Can you suggest 
anything with a reasonable price tag? 

The first question organizations usually ask 
after discovering the possibilities of the Web is, 
"How can I get all my employees working co- 
operatively in this medium?" NT-based tools 
like Microsoft FrontPage (www.microsoft.com) 
are fantastic for single users, but offer little in 
the way of document protection or user inte- 
gration for distributed publishing. 

Other products for NT, like DocuShare by 
Xerox ( www.xerox.com), have powerful in- 
dexing and search capabilities for all different 
types of documents, but DocuShare is difficult 
to install and is written in the python inter- 
preted language (not exactly an industry 
standard). 



One alternative approach is to take advan- 
tage of the emergence of Java as a write-once, 
run-anywhere network programming lan- 
guage, and develop a system that interacts 
with heavyweight commercial databases to 
store Web data. One such product is Intranet 
Solution's Intra.Doc! (www.intranetsol.com), 
which features revision control and automated 
Web publishing. Unfortunately, it comes with 
a fairly hefty price tag: $100,000 for unlimited 
users. Although it runs on both Solaris and NT, it's also quite limited in terms of supported Web servers and databases. 

The best solution for SMEs and indiv- 
idual workgroups comes from Whitewolf 
(whitewolfsoftware.com), whose website- 
MAX product is priced at under $4,000 for 
a 4-user license, including support. This 
product will work with any database that 
supports JDBC, and runs on any operating 
system that supports Java servlet technolo- 
gy. websiteMAX is written completely in 
Java, and supports template-based HTML 
development via an online, browser-based 
interface. 
Where's my new drive? 

I've just installed a new hard drive, but my SPARCstation doesn't recognize that it's there! Isn't Solaris plug-and-play like other operating systems? Do I need device drivers? 

Your SPARCstation no doubt uses a SCSI bus, and you won't need special 
device drivers to install a hard drive. You must prompt the operating system, 
however, to reconfigure its internal listing of devices by issuing the command 

touch /reconfigure 

prior to rebooting, or by using 

boot -r 

to boot the kernel. If all goes well, you'll see messages confirming that the devices directory is being reconfigured. The next step, assuming that you know which partitions you wish to create for your drive, is to run the format program, and use the partition option to size new partitions. Using the command newfs will create a new UFS file system on each of your new partitions, which can be mounted using the mount command. Don't forget to enter the appropriate settings into /etc/vfstab if you want your new partitions to be available after the next reboot (but you don't need to reboot your SPARCstation for your drives to be available!). 



Adding swap space without a new partition 



I'm running low on physical RAM, but I need to run some applications temporarily that require lots of memory. Can I add swap space on Solaris without creating a new swap partition? 

Creating a separate partition for swap space 
is probably the optimal solution for Solaris. 
But it's possible to create temporary swap 
by creating an empty file of a particular size, 
and then adding its capacity to the existing 
swap pool. 

To examine the current state of swap 
space allocation, use the swap -s command. 
Output from the command will look some- 
thing like this: 



total: 1298112k bytes allocated + 272440k reserved = 1570552k used, 369824k available 

On our machine, there's clearly a lot of swap memory allocated, but quite a bit is already allocated to applications. In order to view the existing configuration of swap space, use the swap -l command. This produces output like the table in Listing C. 

Listing C: Output from swap -l 

swapfile             dev    swaplo  blocks   free 
/dev/dsk/c0t0d0s5    32,5   16      2097344  539472 
/dev/dsk/c0t3d0s1    32,25  16      1052144  125312 

This shows two partitions (c0t0d0s5 and c0t3d0s1) that are set aside specifically for swap. If we wanted to add around 100 MB, we'd first create an empty file by issuing the mkfile 100M /tempswap command. This would create the file /tempswap. To add the file as swap space, use the swap -a /tempswap command. Of course, when you've finished using the temporary swap space, it's easily removed by issuing the swap -d /tempswap command. 



